Abstract 

Methods and devices are directed to authorizing a network device to a 
resource over a network. An access server determines based, in part, on an attribute of 
the network device associated with the attribute certificate, whether the network device 
5 may be authorized access to the resource over the network. The attribute may be 

associated with a capability granted to the network device, a condition to be satisfied for 
the attribute to be valid, and the like. The attribute may belong to a group of network 
devices, or one or more users accessing the network through the network device. In one 
embodiment, the attribute certificate may be provided based on an automated security 
10 scan of the network device. In another embodiment, the access server may make the 
attribute available to a network resource associated with the access server. 
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